突然间,我所在大学的网络冻结了,我们设法将问题归咎于通过 DHCP 端口发送的大量 UDP 数据包。仔细检查后,我们发现一些客户端不断向服务器发送 DHCP 请求,尽管服务器似乎做出了响应。我粘贴了服务器上系统日志文件的一个示例([[客户端 IP]] 在所有条目中都相同,服务器和客户端 IP 位于同一子网中)。非常奇怪的是,不仅一个客户端这样做,甚至还有一个无线路由器,而且这种情况今天才开始发生。isc-dhcp-server 似乎没有更新。任何帮助都将不胜感激。
Feb 25 17:57:46 zeus dhcpd: DHCPRELEASE of [[client IP]] from 00:22:75:ea:e5:dc via eth1 (found)
Feb 25 17:57:48 zeus dhcpd: message repeated 3 times: [ DHCPRELEASE of [[client IP]] from 00:22:75:ea:e5:dc via eth1 (found)]
Feb 25 17:57:48 zeus dhcpd: DHCPDISCOVER from 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:49 zeus dhcpd: DHCPOFFER on [[client IP]] to 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:50 zeus dhcpd: DHCPDISCOVER from 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:50 zeus dhcpd: DHCPOFFER on [[client IP]] to 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:50 zeus dhcpd: DHCPREQUEST for [[client IP]] ([[server IP]]) from 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:50 zeus dhcpd: DHCPACK on [[client IP]] to 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:51 zeus dhcpd: DHCPDISCOVER from 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:51 zeus dhcpd: DHCPOFFER on [[client IP]] to 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:51 zeus dhcpd: DHCPREQUEST for [[client IP]] ([[server IP]]) from 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:51 zeus dhcpd: DHCPACK on [[client IP]] to 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:51 zeus dhcpd: DHCPDISCOVER from 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:51 zeus dhcpd: DHCPOFFER on [[client IP]] to 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:51 zeus dhcpd: DHCPREQUEST for [[client IP]] ([[server IP]]) from 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:51 zeus dhcpd: DHCPACK on [[client IP]] to 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:51 zeus dhcpd: DHCPDISCOVER from 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:51 zeus dhcpd: DHCPOFFER on [[client IP]] to 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:51 zeus dhcpd: DHCPREQUEST for [[client IP]] ([[server IP]]) from 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:51 zeus dhcpd: DHCPACK on [[client IP]] to 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:51 zeus dhcpd: DHCPDISCOVER from 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:51 zeus dhcpd: DHCPOFFER on [[client IP]] to 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:51 zeus dhcpd: DHCPREQUEST for [[client IP]] ([[server IP]]) from 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:51 zeus dhcpd: DHCPACK on [[client IP]] to 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:52 zeus dhcpd: DHCPDISCOVER from 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:52 zeus dhcpd: DHCPOFFER on [[client IP]] to 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:52 zeus dhcpd: DHCPREQUEST for [[client IP]] ([[server IP]]) from 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:52 zeus dhcpd: DHCPACK on [[client IP]] to 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:52 zeus dhcpd: DHCPDISCOVER from 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:52 zeus dhcpd: DHCPOFFER on [[client IP]] to 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:52 zeus dhcpd: DHCPREQUEST for [[client IP]] ([[server IP]]) from 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:52 zeus dhcpd: DHCPACK on [[client IP]] to 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:53 zeus dhcpd: DHCPDISCOVER from 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:53 zeus dhcpd: DHCPOFFER on [[client IP]] to 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:53 zeus dhcpd: DHCPREQUEST for [[client IP]] ([[server IP]]) from 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:53 zeus dhcpd: DHCPACK on [[client IP]] to 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:53 zeus dhcpd: DHCPDISCOVER from 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:53 zeus dhcpd: DHCPOFFER on [[client IP]] to 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:53 zeus dhcpd: DHCPREQUEST for [[client IP]] ([[server IP]]) from 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:53 zeus dhcpd: DHCPACK on [[client IP]] to 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:53 zeus dhcpd: DHCPDISCOVER from 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:53 zeus dhcpd: DHCPOFFER on [[client IP]] to 00:22:75:ea:e5:dc via eth1
/var/lib/dhcp/dhcpd.leases 的内容:
lease [[client IP]] {
starts 4 2016/02/25 16:06:25;
ends 5 2016/02/26 16:06:25;
cltt 4 2016/02/25 16:06:25;
binding state active;
next binding state free;
rewind binding state free;
hardware ethernet 00:22:75:ea:e5:dc;
uid "\001\000\"u\352\345\334";
}
lease [[client IP]] {
starts 4 2016/02/25 16:06:25;
ends 5 2016/02/26 16:06:25;
cltt 4 2016/02/25 16:06:25;
binding state active;
next binding state free;
rewind binding state free;
hardware ethernet 00:22:75:ea:e5:dc;
uid "\001\000\"u\352\345\334";
}
lease [[client IP]] {
starts 4 2016/02/25 16:06:26;
ends 5 2016/02/26 16:06:26;
cltt 4 2016/02/25 16:06:26;
binding state active;
next binding state free;
rewind binding state free;
hardware ethernet 00:22:75:ea:e5:dc;
uid "\001\000\"u\352\345\334";
}
lease [[client IP]] {
starts 4 2016/02/25 16:06:27;
ends 4 2016/02/25 16:08:53;
tstp 4 2016/02/25 16:08:53;
cltt 4 2016/02/25 16:06:27;
binding state free;
hardware ethernet 00:22:75:ea:e5:dc;
uid "\001\000\"u\352\345\334";
}
lease [[client IP]] {
starts 4 2016/02/25 16:08:57;
ends 5 2016/02/26 16:08:57;
cltt 4 2016/02/25 16:08:57;
binding state active;
next binding state free;
rewind binding state free;
hardware ethernet 00:22:75:ea:e5:dc;
uid "\001\000\"u\352\345\334";
}
lease [[client IP]] {
starts 4 2016/02/25 16:08:57;
ends 4 2016/02/25 16:08:57;
tstp 4 2016/02/25 16:08:57;
cltt 4 2016/02/25 16:08:57;
binding state free;
hardware ethernet 00:22:75:ea:e5:dc;
uid "\001\000\"u\352\345\334";
}
lease [[client IP]] {
starts 4 2016/02/25 16:08:57;
ends 5 2016/02/26 16:08:57;
cltt 4 2016/02/25 16:08:57;
binding state active;
next binding state free;
rewind binding state free;
hardware ethernet 00:22:75:ea:e5:dc;
uid "\001\000\"u\352\345\334";
}
lease [[client IP]] {
starts 4 2016/02/25 16:08:57;
ends 4 2016/02/25 16:08:57;
tstp 4 2016/02/25 16:08:57;
cltt 4 2016/02/25 16:08:57;
binding state free;
hardware ethernet 00:22:75:ea:e5:dc;
uid "\001\000\"u\352\345\334";
}
答案1
如果这些客户端和 DHCP 服务器之间仅进行单向通信,则可能会看到此行为。
请求到达服务器,服务器响应,但客户端始终得不到响应。所以它不断询问。
我曾见过这种情况由于电缆损坏而发生。因此,我首先要尝试的是为其中一个客户端提供一个合适的静态 IP 地址,然后查看它是否真的可以 ping DHCP 服务器并得到响应。
答案2
作为解决网络功能问题的临时解决方法,我建议为这些具有预定义 IP 地址的 MAC 添加静态租约,形式为
host probably-infected {
hardware ethernet 00:22:75:ea:e5:dc;
fixed-address <SOME FIXED IP>;
}
并继续调查这些 MAC 出了什么问题。